Lumen help

Let's Encrypt Certificates (V2)

Creating a Let’s Encrypt Certificate

To create a Let’s Encrypt certificate, navigate to the “Manage Certificates” menu as described above. Media portal lists the certificates associated with the SCID you selected. Click on “New Certificate” to begin creating a new certificate.


  • Type in a “Certificate name” for the new certificate and click on “Request Let’s Encrypt”.


  • Now, fill in the following information for the certificate -


    • In the “Common Name field”, type the fully qualified domain name you want to secure. You can use a wildcard in the domain name to indicate all subdomains. For example, * secures all subdomains under Website Domain Names, Online Stores & Hosting -


    • If you don't want the certificate to automatically renew, clear the Auto-Renew checkbox. (We recommend you let the certificate automatically renew so you don't have to remember to renew it on your own).


    • From the “Key Algorithm” list, select RSA


    • From the “Key Parameter” list, select the number of characters for the certificate - 2048, or 4096.


    • If you need to specify additional host names for the certificate, click Add (in the Subject Alternate Names (SAN) field), then type the fully qualified domain name.


    • Repeat this step to add additional host names. When you use this certificate on a property, you must list all host names you specify here in the “Aliases” list on the property.)


  • Once all the details are filled, click “Submit”.

Action is needed by you for the Let’s Encrypt provisioning process to succeed

  • Once your request has been submitted, our system automatically generates Let’s Encrypt specific CNAMES corresponding to your Common Name and optional Subject Alternate Names (SANs).  You must add these CNAME records to your DNS system for us to pass the electronic Let’s Encrypt challenge that is required to prove that we are authorized to act on your behalf.


  • Upon clicking “submit”, you have the option to be notified by email once they are created, but you can also simply click on the certificate name where you will find them listed once available. Please note that these CNAMES should not be confused with those needed to route traffic to our network. These are provided within the property details of your configuration, after you have promoted it. Wildcard CNAMES will be different from the Let’s Encrypt Challenge CNAMES.


  • Click “Close” to finish creating the certificate. You can now reference the certificate in a property on a configuration and before you promote it to production don’t forget to add the required Let’s Encrypt CNAMEs provided to your DNS system. This is important because your certificate request is processed only after you have promoted your configuration.  You can track the various states of this process in Environment History. Once your configuration is successfully promoted, your certificate will have been obtained and activated.

Updating a Let’s Encrypt Certificate